snyk / vulncost

Find security vulnerabilities in open source npm packages while you code
https://marketplace.visualstudio.com/items?itemName=snyk-security.vscode-vuln-cost
MIT License

Vulnerability scanning on package.json #7

Closed pkey closed 4 years ago

pkey commented 4 years ago

Why

When it comes to the overall view of dependencies, package.json is the first place people would look at. At the moment, vulnerabilities are only scanned as the user imports/requires the module in his code.

What

It would be helpful to have scanning reflected in the package.json dependency list as well.

remy commented 4 years ago

I'd be inclined to test that theory that the package.json is the first place people will look (when using vscode). I certainly don't, but I'm one developer. Doesn't mean it shouldn't be added, I'm just not so sure during development I visit my own package.json that often (if at all).

pkey commented 4 years ago

@remy True, everyone has a different approach. What is yours to get an overview of the dependencies then?

thisislawatts commented 4 years ago

@remy from my perspective I tend to take a look in package.json whilst I am orienteering myself around a new-to-me project. Mainly to look through the scripts section and see what hasn't been documented ;)

bmvermeer commented 4 years ago

The current release in the marketplace (1.3.1) scans dependencies in package.json.